Claims: We claim: 

1) An unsolicited message rejecting communications processor connected to 
message transfer agents 

MTAO with an Internet address of IP J), from-address A_0, declared domain of D_0, 
and actual domain of DD_0, and 

MTA_1 with an Internet address of IP_1 and to-address A_l 
comprising: 

a) monitoring means for monitoring the communications between MTA_0 and 
MTAJ; 

b) determining means for determining if the communications contains an unsolicited 
message; and 

c) intercepting means for intercepting a .\r\n end-of-message indicator reply from 
MTA O, forcing MTAJ) to QUIT its connection with MTAl by sending an 
error reply to MTA_0 if the message is determined to be unsolicited. 

whereby MTA_1 controls the interaction between MTA O and MTA__1 before a Ar\n 
end-of-message indicator reply from MTA O is received. 

2) The unsolicited message blocking communications processor in Claim 1, further 
includes a allowaddress database and wherein the determining means determines if 
a message is not unsolicited by checking if the IP O is in the allow address database. 

3) The unsolicited message blocking communications processor in Claim 1, further 
includes a prevent_address database and wherein the determining means determines 
if a message is unsolicited by checking if IP_0 is in the prevent_address database. 

4) The unsolicited message blocking communications processor in Claim 1, further 
includes access to a open relay database and wherein the determining means 
determines if a message is unsolicited by checking if IP_0 is in the open relay 
database. 

5) The unsolicited message blocking communications processor in Claim 1, further 
includes access to a DNS (domain name server) database and wherein the 
determining means determines if a message is unsolicited by checking if IP_0 has a 
domain name entry DD_0 in the DNS database. 
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6) The unsolicited message blocking communications processor in Claim 1, further 
includes a bad_from database and wherein the determining means determines if a 
message is unsolicited by checking if the from-address A_0 is in the bad_from 
database. 

7) The unsolicited message blocking communications processor in Claim 1, further 
includes a suspect_domain database and wherein the determining means determines 
if a message is unsolicited by checking if the actual domain DD_0 matches the 
domain of from-address A O and the domain of from-address A O is in the 
suspectjiomain database. 

8) The unsolicited message blocking communications processor in Claim 1 , wherein the 

determining means determines if a message is unsolicited by checking if the from- 
address A O matches the to-address (A_l). 

9) The unsolicited message blocking communications processor in Claim 1, further 
includes a no filter database and wherein the determining means determines if the 
message is to be blocked if it is determined to be unsolicited. 

10) The unsolicited message blocking communications processor in Claim 1, wherein the 
determining means determines if a message is unsolicited by checking if the declared 
domain D O of MTA_0 is the same as the domain D_l of MTA1. 

1 1) The unsolicited message blocking communications processor in Claim 1, wherein the 
determining means determines if a message is unsolicited by checking if the declared 
domain D_0 of MTA_0 does not match the real domain DD_1 and the declared 
domain D_0 is in the suspect_domain database. 

12) The unsolicited message blocking communications processor in Claim 1, further 
includes a bad_word database and wherein the determining means determines if a 
message is unsolicited by checking if the subject line of the message contains any 
words in the bad_word database. 

13) The unsolicited message blocking communications processor in Claim 1, further 
includes a bad_fingerprint database and wherein the determining means determines if 
the hash "fingerprint 1 ' of a portion of the message is in the bad_fingerprint database. 

14) The unsolicited message blocking communications processor in Claim 1, further 
includes a rejected_connection database which logs the time, from-address A O, to- 
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address A_l, and the reason for the rejection if a message is rejected if the message is 
determined to be unsolicited. 
15) The unsolicited message blocking communications processor in Claim 1, further 
includes a allowed connection database which logs the time and to-address A_l if the 
message is determine not to be unsolicited. 
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16) A method for 

a receiving networked computer system with an Internet connection, a mail 
transport agent MTA_1, an Internet address IPl, to-address A_l, and an 
operating system capable of executing the method 

to reject unsolicited messages from 

a transmitting networked computer system with an Internet connection and a 
message transfer agent MTA_0, an Internet address IPO, from-address A_0, 
declared domain D O, and actual domain DD O 

comprising the steps of: 

a) waiting for a new SMTP connection request; 

b) relaying and monitoring the replies from MTAO to MTAl ; 

c) relaying replies from MTA_1 to MTA_0; 

d) intercepting the .\r\n end-of-message indicator reply from MTA_0 to MTA l ; 

e) determining if the message is unsolicited by analyzing the monitored replies; 

f) releasing the intercepted ,\r\n end-of-message reply if the message is determined 
not to be unsolicited; and 

g) sending a error reply to MTAJ) to force MTA O and MTA l to close down their 
connection; 

whereby MTA_1 controls the interaction between MTA O and MTA l until a .\r\n 
end-of-message indicator reply is received from MTA_0. 
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1 7) A method for 

a receiving networked computer system with an Internet connection, DNS 
server, and open relay database, a mail transport agent MTA_1, IP address 
IP_1, a domain name D_l, a recipient, A_l, an allow_address database, a 
prevent_address database, a suspect_domain database, a bad from database, a 
no filter database, a yes filter database, a bad_word database, a 
bad fingerprint, a rejected_connection database, an allowed connection 
database, and an operating system capable of executing the method 
to reject unsolicited messages from 

a transmitting networked computer system with an Internet connection, a 
message transfer agent MTA_0, an IP address of IP_0, a declared domain 
name DO, a real domain name DD O, and a sender address of A O 

comprising the steps of: 

a) waiting for a SMTP connection request on the receiving networked computer 
system's Internet connection; 

b) sending a 220 reply to MTA_0 to acknowledge the requested connection; 

c) extracting IP address IP O from the connection request; 

d) requesting a domain name DD_0 for IP_0 from the DNS server; 

e) testing if domain name DD_0 is "no name"; 

f) testing if IP O is in an open relay database; 

g) testing if IPO is in the allow_address database; 

h) testing if IP O is in the prevent address database, 

i) requesting a connection with MTA_1 ; 

j) waiting for a 220 reply from MTA_1 to acknowledge the requested connection; 

k) waiting for a reply from either MTA_0 or MTA_1 ; 

1) jumping to step o) if the reply is not from MTA l ; 

m) relaying the reply from MTA_1 to MTA O; 

n) jumping to step k) to wait for a new reply; 

o) jumping to step u) if the reply from MTA O is not a HELO; 

p) extracting domain D_0 from the reply; 
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q) testing if declared domain D O of MTA O matches domain D_l of MTA_1; 
r) testing if declared domain D O does not match real domain DD O of MTA O 

AND declared domain D O is in the suspect_domain database; 
s) relaying the HELO reply from MTA J) to MTA J ; 
t) jumping to step k) to wait for a new reply; 
u) jumping to step aa) if reply from MTA O is not a MAIL; 
v) extracting from-address A_0; 
w) testing if A O is in the bad_from database; 

x) testing if DD_0 does not match the domain of A J) and the domain of AO is in 

the suspectjiomain database; 
y) relaying MAIL reply to MTAl ; 
z) jumping to step k) to wait for a new reply; 
aa) jumping to step ii) if reply from MTA O is not a RCPT; 
bb) extracting to-address A_l ; 
cc) testing if A_l is in no_filter database; 
dd) testing if A_0 matches A_l ; 
ee) testing if A O is in the no filter database; 
ff) testing if A_0 is in the yes_filter database; 
gg) relaying RCPT reply to MTA_1 ; 
hh) jumping to step k) to wait for a new reply; 
ii) jumping to step yy) if reply from MTA_0 is not DATA; 
jj) relaying DATA to MTA_1; 
kk) waiting for 354 reply from MTA_1 ; 
11) relaying 343 reply to MTA_0; 

mm) wait for body of message; x 
nn) relaying body of message to MTA l ; 
oo) waiting for .\r\n end-of-message indicator; 

pp) testing if any word in the subject line of the message is in the bad_word 
database; 

qq) testing if the hash "fingerprint" of a portion of the message is in the 
bad_fingerprint database; 
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rr) jumping to step vv) if NOT(t_allow OR t_no_filter OR OR NOT t_yes_filter 
OR NOT ( t_prevent OR t open OR tJDD-) OR t_bad_from OR 
t_suspect_domain OR techodomain OR t_forged_domain OR t_bad_word 
OR t_bad_fingerpring)) ; 

ss) logging time and to-address A_l in the allowed_connection database; 

tt) relaying the .\r\n end-of-message indicator reply to MTAl to continue the 
conversation; 

uu) jumping to step k) to wait for a new reply; 

vv) logging the time, from-address A_0, to-address A_l, and the reason for 

rejecting the connection in the rejected_connection database; 
ww) sending a 554 reply to MTA O to terminate the conversation; 
xx) jumping to step k) to wait for a new reply; 

yy) jumping to step ggg) if reply from MTA_0 is not RSET, SEND, SCML, 

SAML, VRFY, NOOP, EXPN, HELP, or TURN; 
zz) relaying reply to MT A_ 1 ; 
aaa) jumping to step j) to wait for a new reply; 
bbb) jumping to step ddd) if reply from MTA_0 is not a QUIT; 
ccc) relaying the QUIT reply to MTA_1 ; 
ddd) waiting for 221 reply from MTA_1 
eee) relaying 221 reply from MTA l to MTA_0; 
fff) jumping to step a) to wait for a new connection; 
ggg) sending a 500 reply to MTA_0 to signal a syntax error; and 
hhh) jumping to step a) to wait for a new connection. 



32 



